Dec 29 2015

Schools Face Security Risks as End of Support for SQL Server 2005 Looms

Microsoft will end security support for SQL Server 2005 in April 2016, and schools must prepare to upgrade.

A decade ago, Microsoft’s SQL Server 2005 was on the cutting edge of relational database management technology. Now it’s outdated software that Microsoft will no longer provide security updates for as of April 2016.

Districts still running SQL 2005 will soon face potentially serious security vulnerabilities if they don’t upgrade. Microsoft's representatives say staying up-to-date with software helps to protect student data and provides continual security updates.

According to Tiffany Wissner, senior director of data platform marketing at Microsoft, there are several ways the transition to the end of extended support will affect the enterprise market. She says that SQL Server 2005 users are not capitalizing on opportunities “because they are running decade-old technology.”

“While SQL Server 2005 was a great database for its time, the way businesses work with technology and data has changed dramatically,” she says, “and Microsoft has worked to adapt to these needs with each successive version of SQL Server by introducing enhancements to performance, availability, scalability, security and manageability through features like Always On in SQL Server 2012 and In-Memory OLTP in SQL Server 2014.”

The latest version of SQL Server can protect a school district's data and platform because Microsoft provides continual security updates and patches. By upgrading, users will get up to 13 times faster performance overall — including  30-times-faster transactional  performance gains and 100-times-faster query performance gains — thanks to new, in-memory technology.

“Running an unsupported database means customers aren’t getting updates and patches that will protect them against new threats, and they may have trouble meeting corporate or regulatory security requirements,” Wissner says.

Additionally, those that continue to run SQL 2005 will potentially run into compliance issues.

“If your company is still using SQL Server 2005, this may result in an officially recognized control failure by an internal or external audit body, leading to suspension of certifications and/or public notification of the company’s inability to maintain its systems and customer information,” Wissner warns.

Taking the Necessary Steps to Upgrade

“If they haven’t already,” Wissner advises, “IT pros should identify which applications are impacted and begin migrating immediately to reduce the risk of running unsupported software after April 2016.” School districts running SQL 2005 should make an inventory of their applications and databases using something like the Microsoft Assessment and Planning toolkit.

SQL 2005 users should evaluate these applications by how important they are to their ongoing operations. For example, Tier 1 applications are mission-critical ones whose failure could have a serious impact if they go down for hours or even minutes. By contrast, Tier 2 applications could potentially go down for a day or two. All other applications fall into the Tier 3 bucket and could potentially be down for more than a day without causing a serious disruption.

Multiple Upgrade Options Are Available

There are several upgrade options for SQL 2005 users, depending on their application needs, Wissner says.

Customers can migrate to a physical version of SQL Server 2014 or move to that server in a virtual environment (on premises, with a third-party provider or in Azure).  

Another option is Microsoft Azure SQL Database.  In addition to security and compliance issues, SQL 2005 users face higher maintenance costs, Wissner says. “Staying put costs more in the end. Maintaining legacy servers, firewalls, guarding against potential security risks and preparing for liability created by out-of-date software will drive up costs.”

SQL 2005 users could also lose their competitive edge. “Failing to take advantage of new technologies and application opportunities can hinder a company’s success, including the increased performance provided by recent versions,” Wissner says.

“The software will continue to function, but there are serious risks associated with running applications on an unsupported database,” she adds. 

Darryl Sebro

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.